giuseppe-trisciuoglio/developer-kit
Comprehensive developer toolkit providing reusable skills for Java/Spring Boot, TypeScript/NestJS/React/Next.js, Python, PHP, AWS CloudFormation, AI/RAG, DevOps, and more.
89
89%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Risky
Do not use without reviewing
structure.mdplugins/developer-kit-java/skills/spring-boot-security-jwt/references/
Spring Security JWT Skill Structure
spring-boot-security-jwt/
├── SKILL.md # Main skill documentation
├── README.md # User-friendly overview and quick start
├── structure.md # This file - skill structure documentation
│
├── references/ # Comprehensive reference documentation
│ ├── jwt-configuration.md # Complete JWT setup and configuration
│ ├── examples.md # Real-world implementation examples
│ ├── authorization-patterns.md # RBAC, ABAC, and permission models
│ ├── token-management.md # Refresh tokens, rotation, and revocation
│ ├── microservices-security.md # Inter-service authentication
│ ├── oauth2-integration.md # OAuth2 provider integration
│ ├── testing-jwt-security.md # Unit and integration testing
│ ├── performance-optimization.md # Caching and performance tuning
│ ├── security-hardening.md # Security best practices
│ └── troubleshooting.md # Common issues and solutions
│
├── scripts/ # Utility scripts
│ └── test-jwt-setup.sh # Automated testing script
│
└── assets/ # Supporting assets and tools
└── generate-jwt-keys.sh # Key generation utilitySkill Coverage
Core Features (SKILL.md)
- JWT generation and validation with multiple algorithms (RSA, HMAC, ECDSA)
- Bearer token and cookie-based authentication patterns
- Database-backed and OAuth2 provider integration
- Both RBAC and permission-based access control
- Advanced patterns: refresh tokens, token rotation, multi-tenancy
Configuration (jwt-configuration.md)
- Comprehensive dependency management
- Key configuration for RSA, HMAC, and ECDSA
- Custom claims and validation
- Application properties and YAML configurations
- Key rotation support
Implementation Examples (examples.md)
- Complete application setup
- Domain models (User, Role, Permission entities)
- Authentication and registration controllers
- Service layer implementations
- Advanced security configuration
Authorization Patterns (authorization-patterns.md)
- Hierarchical role structures
- Custom permission evaluators
- Attribute-Based Access Control (ABAC)
- Time-based access control
- Location-based restrictions
- Organizational access control
Token Management (token-management.md)
- Secure refresh token storage
- Token rotation strategies
- Token blacklisting
- Session management
- Distributed security events
Microservices Security (microservices-security.md)
- Inter-service authentication
- API gateway patterns
- Distributed token validation
- Service mesh integration (Istio)
- Circuit breaker patterns
OAuth2 Integration (oauth2-integration.md)
- Multi-provider support
- Custom OAuth2 user service
- Token exchange patterns
- Delegated authorization
- Client registration API
Testing (testing-jwt-security.md)
- Unit testing JWT services
- Integration tests with Testcontainers
- Security testing with OWASP ZAP
- Performance testing
- Custom security test utilities
Performance Optimization (performance-optimization.md)
- Caching strategies for token validation
- Database optimization
- Async processing
- Monitoring and metrics
- Resource optimization
Security Hardening (security-hardening.md)
- Secure configuration practices
- Attack prevention (brute force, XSS, SQL injection)
- Key management best practices
- Security monitoring
- GDPR compliance features
Troubleshooting (troubleshooting.md)
- Common JWT token problems
- Authentication flow debugging
- Configuration validation
- Quick fix scripts
- Debugging checklist
Integration Points
This skill integrates with:
- Spring Boot Actuator - For security monitoring and health checks
- Spring Data JPA - For user and token persistence
- Spring Cache - For token validation caching
- JUnit Testing - For comprehensive security testing
- LangChain4j - For AI-powered security analysis (if needed)
Quick Start Flow
- Review README.md for overview
- Generate keys using
./assets/generate-jwt-keys.sh - Implement basic JWT using SKILL.md quick start
- Reference jwt-configuration.md for detailed setup
- Use examples.md for implementation patterns
- Apply security-hardening.md for production
- Run tests with
./scripts/test-jwt-setup.sh - Monitor with troubleshooting.md as needed
Key Benefits
- Comprehensive Coverage: From basic JWT to advanced microservices patterns
- Production Ready: Includes security hardening and performance optimization
- Well Documented: Each aspect has detailed reference documentation
- Practical Examples: Real-world code implementations
- Testing Included: Automated test suite and testing strategies
- Troubleshooting Guide: Common issues and solutions
Maintenance
This skill should be updated when:
- New Spring Security features are released
- New security vulnerabilities are discovered
- Performance optimizations are identified
- Community feedback suggests improvements
- Integration patterns evolve
docs
plugins
developer-kit-ai
developer-kit-aws
agents
docs
skills
aws
aws-cli-beast
aws-cost-optimization
aws-drawio-architecture-diagrams
aws-sam-bootstrap
aws-cloudformation
aws-cloudformation-auto-scaling
aws-cloudformation-bedrock
aws-cloudformation-cloudfront
aws-cloudformation-cloudwatch
aws-cloudformation-dynamodb
aws-cloudformation-ec2
aws-cloudformation-ecs
aws-cloudformation-elasticache
references
aws-cloudformation-iam
references
aws-cloudformation-lambda
aws-cloudformation-rds
aws-cloudformation-s3
aws-cloudformation-security
aws-cloudformation-task-ecs-deploy-gh
aws-cloudformation-vpc
references
developer-kit-core
agents
commands
skills
developer-kit-devops
developer-kit-java
agents
commands
docs
skills
aws-lambda-java-integration
aws-rds-spring-boot-integration
aws-sdk-java-v2-bedrock
aws-sdk-java-v2-core
aws-sdk-java-v2-dynamodb
aws-sdk-java-v2-kms
aws-sdk-java-v2-lambda
aws-sdk-java-v2-messaging
aws-sdk-java-v2-rds
aws-sdk-java-v2-s3
aws-sdk-java-v2-secrets-manager
clean-architecture
graalvm-native-image
langchain4j-ai-services-patterns
references
langchain4j-mcp-server-patterns
references
langchain4j-rag-implementation-patterns
references
langchain4j-spring-boot-integration
langchain4j-testing-strategies
langchain4j-tool-function-calling-patterns
langchain4j-vector-stores-configuration
references
qdrant
references
spring-ai-mcp-server-patterns
spring-boot-actuator
spring-boot-cache
spring-boot-crud-patterns
spring-boot-dependency-injection
spring-boot-event-driven-patterns
spring-boot-openapi-documentation
spring-boot-project-creator
spring-boot-resilience4j
spring-boot-rest-api-standards
spring-boot-saga-pattern
spring-boot-security-jwt
assets
references
scripts
spring-boot-test-patterns
spring-data-jpa
references
spring-data-neo4j
references
unit-test-application-events
unit-test-bean-validation
unit-test-boundary-conditions
unit-test-caching
unit-test-config-properties
references
unit-test-controller-layer
unit-test-exception-handler
references
unit-test-json-serialization
unit-test-mapper-converter
references
unit-test-parameterized
unit-test-scheduled-async
references
unit-test-service-layer
references
unit-test-utility-methods
unit-test-wiremock-rest-api
references
developer-kit-php
developer-kit-project-management
developer-kit-python
developer-kit-specs
commands
docs
hooks
test-templates
tests
skills
developer-kit-tools
developer-kit-typescript
agents
docs
hooks
rules
skills
aws-cdk
aws-lambda-typescript-integration
better-auth
clean-architecture
drizzle-orm-patterns
dynamodb-toolbox-patterns
references
nestjs
nestjs-best-practices
nestjs-code-review
nestjs-drizzle-crud-generator
nextjs-app-router
nextjs-authentication
nextjs-code-review
nextjs-data-fetching
nextjs-deployment
nextjs-performance
nx-monorepo
react-code-review
react-patterns
shadcn-ui
tailwind-css-patterns
tailwind-design-system
references
turborepo-monorepo
typescript-docs
typescript-security-review
zod-validation-utilities
references
github-spec-kit